Ben Shi

Blog Post

Shellshock vulnerability

Posted Under: notes
September 27, 2014

On 24th Sept 2014, a bash vulnerability, now known as ShellShock was disclosed. The vulnerability allowed attackers to execute arbitrary code by passing strings against environment variables.

This is affecting all unix based systems with bash version between 1.14 and 4.3.

Checking System Vulnerability

env VAR='() { :;}; echo Bash is unsafe!' bash -c "echo Test Complete"

Fix

An incomplete fix is currently available but a complete fix is in the pipeline as we speak.

Whether its a complete fix or not update your bash now!

# debian
sudo apt-get update && sudo apt-get install --only-upgrade bash

Ben Shi

I'm Ben Shi, a Sydney-based Full Stack Software Engineer specialising in micro-services and API development. This is a playground for me to document my learnings and experiences as a technologist.

You can find out a little bit more about me over here.

Contact: [email | twitter| linkedin]